SLIDE 1

A First DFA on PRIDE: from Theory to Practice

Works presentation at CRiSIS 2016

Benjamin Lac (1,5), Marc Beunardeau (2,6), Anne Canteaut (3), Jacques J.A. Fournier (1), Renaud Sirdey (4)

(1) CEATech/DPACA, Gardanne, France
(2) Ingenico Labs, Paris, France
(3) Inria, Paris, France
(4) CEATech/LIST, Saclay, France
(5) ENSM-SE, Saint-Étienne, France
(6) ENS, Paris, France

{benjamin.lac, jacques.fournier, renaud.sirdey}@cea.fr, marc.beunardeau@ingenico.com, anne.canteaut@inria.fr

September 7th, 2016

SLIDE 2

1. The PRIDE block cipher
   - The structure of PRIDE
   - The PRIDE round function
2. Differential Fault Analysis of PRIDE
   - General principle
   - Differential properties of the PRIDE S-box
   - Properties that make the attack effective
3. Practical implementation of the DFA on PRIDE
   - Implementation of the device
   - Exploitation of obtained faults
4. Countermeasures
   - Duplication of computations
   - Desynchronization
   - Masking
5. Conclusion and perspectives

Benjamin Lac DRT/CEATech/DPACA/LSAS Works presentation at CRiSIS 2016 September 7th, 2016


SLIDE 4

The PRIDE block cipher

The structure of PRIDE

PRIDE is an iterative block cipher composed of 20 rounds, introduced by Albrecht et al. in 2014. It takes as input a 64-bit block and uses a 128-bit key $k = k_0 \| k_1$.

[Figure: structure of PRIDE, from the message $M$ to the ciphertext $C$. Labels: $M$, $P^{-1}$, $k_0$, rounds $R$ keyed by $f_1(k_1)$, $f_2(k_1)$, …, $f_{19}(k_1)$, last round $R'$ keyed by $f_{20}(k_1)$, $k_0$, $P$, $C$.]

The key scheduling

We denote by $k_{1_i}$ the $i$-th byte of $k_1$; then, for round $r$,

$$f_r(k_1) = k_{1_0} \,\|\, g_r^{(0)}(k_{1_1}) \,\|\, k_{1_2} \,\|\, g_r^{(1)}(k_{1_3}) \,\|\, k_{1_4} \,\|\, g_r^{(2)}(k_{1_5}) \,\|\, k_{1_6} \,\|\, g_r^{(3)}(k_{1_7})$$

with $g_r^{(i)}(x) = (x + C_i r) \bmod 256$, where $C_i$ is a constant.


SLIDE 6

The PRIDE block cipher

The PRIDE round function

[Figure: the PRIDE round function $R$ and the last round $R'$. Labels: $I_r$, $P^{-1}(f_r(k_1))$, $X_r$, sixteen S-boxes $S$, $Y_r$, $P$, $Z_r$, matrices $L_0$, $L_1$, $L_2$, $L_3$, $W_r$, $P^{-1}$, $O_r$.]



SLIDE 15

Differential Fault Analysis of PRIDE

General principle

Injecting faults on $Z_{19}$

Nibble $i \in \{0, \dots, 15\}$: $(\texttt{0x8}, \Delta Y_{20}^{1}[i])$, $(\texttt{0x1}, \Delta Y_{20}^{2}[i])$

[Figure: propagation of the fault differences from $Y_{19}$ to the ciphertext $C$. Labels: S-boxes $S$, $\Delta Y_{19}$, $P$, $\Delta Z_{19}$, matrices $L_0$, $L_1$, $L_2$, $L_3$, $\Delta W_{19}$, $P^{-1}$, $\Delta O_{19} = \Delta I_{20}$, $P^{-1}(f_{20}(k_1))$, $\Delta X_{20}$, $\Delta Y_{20} = \Delta O_{20}$, $k_0$, $P^{-1}(\Delta C)$, $P$, $\Delta C$.]


SLIDE 17

Differential Fault Analysis of PRIDE

General principle

Injecting faults on $W_{19}$

Nibble $i \in \{0, \dots, 15\}$: $(\texttt{0x8}, \Delta Y_{20}^{1}[i])$, $(\texttt{0x1}, \Delta Y_{20}^{2}[i])$

[Figure: propagation of the fault differences from $W_{19}$ to the ciphertext $C$. Labels: S-boxes $S$, $\Delta Y_{19}$, $P$, $\Delta Z_{19}$, matrices $L_0$, $L_1$, $L_2$, $L_3$, $\Delta W_{19}$, $P^{-1}$, $\Delta O_{19} = \Delta I_{20}$, $P^{-1}(f_{20}(k_1))$, $\Delta X_{20}$, $\Delta Y_{20} = \Delta O_{20}$, $k_0$, $P^{-1}(\Delta C)$, $P$, $\Delta C$.]

SLIDE 18

Differential Fault Analysis of PRIDE

Differential properties of the PRIDE S-box

Proposition. Let $S$ be an $n$-bit S-box with differential uniformity 4. Let $(a_1, b_1)$ and $(a_2, b_2)$ be two differentials with $a_1 \neq a_2$ such that the system of two equations

$$S(x \oplus a_1) \oplus S(x) = b_1 \quad (1)$$
$$S(x \oplus a_2) \oplus S(x) = b_2 \quad (2)$$

has at least two solutions. Then each of the three equations (1), (2) and

$$S(x \oplus a_1 \oplus a_2) \oplus S(x) = b_1 \oplus b_2 \quad (3)$$

has at least four solutions.

Exploited mathematical relations

For all $i$ in $\{0, \dots, 15\}$:

$$\Delta X_{20}[i] = S^{-1}(P^{-1}(C)[i] \oplus k_0[i]) \oplus S^{-1}(P^{-1}(C^*)[i] \oplus k_0[i])$$

Let
- $x = P^{-1}(C)[i] \oplus k_0[i]$
- $a_1 = P^{-1}(C)[i] \oplus P^{-1}(C^*)[i] = \Delta Y_{20}[i]$
- $b_1 = \Delta X_{20}[i]$


SLIDE 23

Differential Fault Analysis of PRIDE

Differential properties of the PRIDE S-box

Obtained differences

From injecting faults on $Z_{19}$ or on $W_{19}$: $(a_1, \texttt{0x1})$, $(a_2, \texttt{0x8})$

Difference distribution table T of the PRIDE S-box (rows and columns are indexed 0x0 to 0xf; each row lists its nonzero entries in column order):

0x0: 16
0x1: 4 4 4 4
0x2: 4 4 2 2 2 2
0x3: 4 4 2 2 2 2
0x4: 4 4 2 2 2 2
0x5: 4 4 2 2 2 2
0x6: 4 4 2 2 2 2
0x7: 4 4 2 2 2 2
0x8: 4 4 4 4
0x9: 2 2 2 2 2 2 2 2
0xa: 2 2 2 2 4 4
0xb: 4 4 2 2 2 2
0xc: 2 2 2 2 2 2 2 2
0xd: 2 2 2 2 2 2 2 2
0xe: 2 2 2 2 2 2 2 2
0xf: 2 2 2 2 2 2 2 2


SLIDE 29

Differential Fault Analysis of PRIDE

Properties that make the attack effective

The design of the linear layer

Flipping the 16-bit output of one matrix after the L-layer activates all S-boxes in the next round. Using this property on the penultimate round allows the attacker to recover information on all nibbles of $k_0$. The number of remaining candidates is at most $4^{16}$, where 4 is the differential uniformity of the PRIDE S-box.

The differential properties of the S-box

The number of inputs which satisfy two valid differentials simultaneously is usually reduced to a single element. This is the case in each nibble for the presented strategies.
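The following added example (not from the slides or the authors' code) checks the S-box claims above: it computes the difference distribution table and counts how many $k_0[i]$ candidates survive one and two known differences in a nibble. The S-box values are an assumption taken from the PRIDE specification, since the slides do not list them, and the one-nibble model in `simulate_nibble` is constructed for illustration.

```python
# Added example: checks the slides' S-box claims and the per-nibble key filter.
# ASSUMPTION: SBOX is the PRIDE S-box as published in the PRIDE specification
# (Albrecht et al., 2014); the slides themselves do not list it.
SBOX = [0x0, 0x4, 0x8, 0xF, 0x1, 0x5, 0xE, 0x9,
        0x2, 0x7, 0xA, 0xC, 0xB, 0xD, 0x6, 0x3]
INV_SBOX = [SBOX.index(y) for y in range(16)]


def ddt(sbox):
    """Difference distribution table: T[a][b] = #{x : S(x ^ a) ^ S(x) = b}."""
    table = [[0] * 16 for _ in range(16)]
    for a in range(16):
        for x in range(16):
            table[a][sbox[x ^ a] ^ sbox[x]] += 1
    return table


def differential_uniformity(table):
    """Largest entry of the table outside the trivial row a = 0."""
    return max(max(row) for row in table[1:])


def solutions(a, b):
    """All x with S^-1(x ^ a) ^ S^-1(x) = b, the relation on the slide with
    x = P^-1(C)[i] ^ k0[i], a = dY20[i] and b = dX20[i]."""
    return {x for x in range(16) if INV_SBOX[x ^ a] ^ INV_SBOX[x] == b}


def key_candidates(c, c_faulty, b):
    """k0[i] candidates from one correct/faulty nibble pair of P^-1(C)."""
    a = c ^ c_faulty
    return {x ^ c for x in solutions(a, b)}


def simulate_nibble(x20, k0, b):
    """Constructed one-nibble model of the last round: returns the pair
    (P^-1(C)[i], P^-1(C*)[i]) when the S-box input X20[i] differs by b."""
    return SBOX[x20] ^ k0, SBOX[x20 ^ b] ^ k0


def surviving_keys(x20, k0, diffs=(0x8, 0x1)):
    """Intersect the candidate sets over faults with known dX20[i] in diffs."""
    keys = set(range(16))
    for b in diffs:
        c, c_faulty = simulate_nibble(x20, k0, b)
        keys &= key_candidates(c, c_faulty, b)
    return keys


def worst_case(diffs):
    """Largest surviving candidate set over every (X20[i], k0[i]) pair."""
    return max(len(surviving_keys(x, k, diffs))
               for x in range(16) for k in range(16))


if __name__ == "__main__":
    T = ddt(SBOX)
    print("differential uniformity:", differential_uniformity(T))
    for a in range(16):
        print(f"{a:#03x}", " ".join(f"{v:2d}" if v else " ." for v in T[a]))
    print("candidates per nibble, one difference (0x8):", worst_case((0x8,)))
    print("candidates per nibble, two differences (0x8, 0x1):",
          worst_case((0x8, 0x1)))
```

One known difference leaves four candidates per nibble, in line with the $4^{16}$ bound; adding the second reduces every nibble to a single candidate.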


SLIDE 35

Practical implementation of the DFA on PRIDE

Implementation of the device

The chip used and our PRIDE implementation

We have implemented PRIDE on a chip embedding a Cortex-M3 microcontroller. It is quite representative of the devices used for IoT applications. In order to take advantage of the 32-bit architecture of the microcontroller, we have implemented PRIDE in ARM assembly language.

The fault injection device

We used electromagnetic pulses to disrupt PRIDE execution. This approach requires no decapsulation of the chip and allows a given time to be targeted precisely. We used a simple EM analysis to identify in time the 18th and 19th rounds.


slide-39
SLIDE 39

Practical implementation of the DFA on PRIDE

32-bit random faults

9 of 19

32-bit random faults on W19

Nibble i ∈ {0, …, 15}: (0x0, 0x0) or (0x4, ∆Y^1_20[i]) or (0x8, ∆Y^1_20[i]) or (0xc, ∆Y^1_20[i])

[Figure: diagram labelled S (S-box layers), ∆Y19, P, ∆Z19, L0 to L3, ∆W19, P^-1, ∆O19 = ∆I20, P^-1(f20(k1)), ∆X20, ∆Y20 = ∆O20, k0, P^-1(∆C), P, ∆C.]


slide-40
SLIDE 40

Practical implementation of the DFA on PRIDE

32-bit random faults

9 of 19

32-bit random faults on W19

Nibble i ∈ {0, …, 15}: (0x0, 0x0) or (0x1, ∆Y^2_20[i]) or (0x2, ∆Y^2_20[i]) or (0x3, ∆Y^2_20[i])

[Figure: diagram labelled S (S-box layers), ∆Y19, P, ∆Z19, L0 to L3, ∆W19, P^-1, ∆O19 = ∆I20, P^-1(f20(k1)), ∆X20, ∆Y20 = ∆O20, k0, P^-1(∆C), P, ∆C.]


slide-41
SLIDE 41

Practical implementation of the DFA on PRIDE

Exploitation of obtained faults

10 of 19

The parameter values

We used a key k = k0||k1 where k0 = 0xf3f721cb1c882658 and k1 = 0xe417d148e239ca5d.

The plaintext used for all executions was 0x0132546798badcfe and the correct ciphertext was 0x9aecb37ea45a6c89.

We denote respectively by θ, β, γ, δ the possible pairs of values (0x2,0x3), (0x4,0x8), (0x4,0xc), (0x8,0xc).

The obtained faults on the 19-th round

| No. | Faulty ciphertext | Value of the fault on W19 | Value of ∆Y20 | Value of ∆X20 |
|---|---|---|---|---|
| 1 | 0x1aad3b972c92ec09 | 0x00000000804108e8 | 0xf00060007e40600c | 0xθ00010001θ10100θ |
| 2 | 0x7b4c93dea55a6d89 | 0x00000000e1a0a0a0 | 0x88c0000bc0c00000 | 0xθθθ0000θθ0θ00000 |
| 3 | 0x1b6c733e255aadc9 | 0x0000000081804040 | 0xf500000b85000000 | 0xθ100000θθ1000000 |
| 4 | 0x71ecd27ee55a6d89 | 0x00000000eb00e900 | 0x8ec0808f00000000 | 0xθθθ0θ0θθ00000000 |
| 5 | 0x9aecb324a4426cdb | 0x000000000000005a | 0x0000000005076050 | 0x0000000001011010 |
| 6 | 0x9a57b33fa4626cf1 | 0x0000000000bb005a | 0x0000000085bbb08c | 0x00000000θ1θθθ0θθ |
| 7 | 0x9a57b365a4606cb9 | 0x0000000000bb0000 | 0x0000000080bfe0ec | 0x00000000θ0θθθ0θθ |
| 8 | 0x77aa24313111ed8c | 0x00000000ed461f4d | 0xf8868e4f0e006de7 | 0xθθθ1θθ1θ0θ001θθ1 |
| 9 | 0x9ae8b37ac15a6989 | 0x6500040400000000 | 0x0220030300000c00 | 0x0δδ00δ0δ00000γ00 |
| 10 | 0x8aecb27e415abc89 | 0xe400d10000000000 | 0x3329020600000000 | 0xδδδγ0δ0400000000 |
| 11 | 0xa3e692ed909ee688 | 0x355fab9300000000 | 0x10ea921c620482c5 | 0x40cβγδ4γ4δ0c8δγc |
| 12 | 0x05ecb27e565a7289 | 0xf3001f0000000000 | 0xa22b99bc00000000 | 0xβδδcγγcγ00000000 |


slide-44
SLIDE 44

Practical implementation of the DFA on PRIDE

Exploitation of obtained faults

11 of 19

Exploitation of the faults to retrieve k0

No. k0[0] k0[1] k0[2] k0[3] k0[4] k0[5] k0[6] k0[7] k0[8] k0[9] k0[10] k0[11] k0[12] k0[13] k0[14] k0[15]

1: 0x0 ∅ ∅ ∅ 0x2 ∅ ∅ ∅ 0x0 0x2 0x8 ∅ 0x2 ∅ ∅ 0x4 0x1 0x3 0x1 0x3 0x9 0x3 0x5 0xe 0x4 0x6 0xc 0xc 0x4 0x8 0xf 0x5 0x7 0xd 0xd 0x5 0x9

3: 0x0 0x2 ∅ ∅ ∅ ∅ ∅ 0x0 0x1 0x0 0x1 0x8 ∅ ∅ ∅ ∅ ∅ ∅ 0x1 0x3 0x2 0x3 0x2 0x3 0x9 0xe 0x6 0x8 0x9 0x8 0x9 0xc 0xf 0x7 0xa 0xb 0xa 0xb 0xd

6: ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ 0x0 0x1 0x8 0x0 0x1 0x0 0x1 0x0 0x1 ∅ 0x4 0x5 0x4 0x2 0x3 0x9 0x2 0x3 0x2 0x3 0x2 0x3 0x6 0x7 0x5 0x8 0x9 0xc 0x8 0x9 0x8 0x9 0x8 0x9 0xc 0xd 0x8 0xa 0xb 0xd 0xa 0xb 0xa 0xb 0xa 0xb 0xe 0xf 0x9

8: 0x0 0x0 0x1 0x4 0x5 0x0 0x0 0x1 0x0 0x8 0x4 ∅ 0x2 ∅ ∅ 0x2 0x6 0x4 0x8 0x1 0x2 0x3 0x6 0x7 0x1 0x2 0x3 0x1 0x9 0x5 0x3 0x3 0x7 0x5 0x9 0xe 0x8 0x9 0xc 0xd 0x6 0x8 0x9 0xe 0xc 0xa 0xc 0x4 0xa 0xa 0xe 0xf 0xa 0xb 0xe 0xf 0x7 0xa 0xb 0xf 0xd 0xb 0xd 0x5 0xb 0xb 0xf

11: ∅ 0x1 0x1 0x4 ∅ 0x4 0xa 0x5 0x2 0x3 0x8 0x2 0x0 0x6 0x1 0x6 0x0 0xb 0x1 0x7 0x4 0x4 0x9 0x7 0x1 0x9 0x8 0x2 0x9 0x5 0x8 0xe 0xf 0xb 0xb 0x6 0xc 0xb 0x6 0xb 0xc 0x9 0xb 0x9 0xd 0xf 0xd 0xd 0x9 0xd 0xe 0x7 0xc 0xa 0xc 0xc 0xf 0xb 0xe 0xe

12: 0x3 0x1 0x0 ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ 0x5 0x3 0x2 0x2 0x1 0x2 0x7 0x4 0x5 0x7 0x4 0x7 0x7 0x7 0x9 0x6 0x7 0xc 0xb 0x8 0xc 0xb 0xd 0x9 0xd 0xd 0xe 0xe 0xf 0xb 0xf

∩: 0xf 0x3 0xf 0x7 0x2 0x1 0xc 0xb {0x0, 0x1} 0xc {0x8, 0x9} 0x8 0x2 0x6 0x5 0x8


slide-45
SLIDE 45

Practical implementation of the DFA on PRIDE

Exploitation of obtained faults

12 of 19

Reducing the remaining candidates for k0 from faults obtained on the 18-th round

From the faulty ciphertext 0xf24690de8df8cc89 obtained from a fault on W18, we obtain the following 4 values of ∆Y19, one for each possible value of k0:

| k0 | ∆Y19 |
|---|---|
| f3f721cb0c882658 | 0xc000009022000000 |
| f3f721cb0c982658 | 0xe000009022220000 |
| f3f721cb1c882658 | 0xc00000b000000000 |
| f3f721cb1c982658 | 0xe00000b000220000 |

Since we know that we injected faults on the last 32 bits of W18, we know that each nibble of ∆X19 is either 0x0, 0x1, 0x2 or 0x3. From the difference distribution table of the S-box, we see that an input difference equal to 0x1, 0x2 or 0x3 can lead to an output difference only in {0x4, 0x5, 0x6, 0x7, 0x8, 0xb, 0xc, 0xd, 0xe, 0xf}. Only ∆Y19 = 0xc00000b000000000 has all of its non-zero nibbles in this set, so the only remaining candidate is k0 = f3f721cb1c882658.
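The S-box arguments used on these slides (differential uniformity 4, two valid differentials usually isolating a single input, and the ∆Y19 filter on the four k0 candidates) can be checked directly from the difference distribution table. The following is an added example, not the authors' code: the S-box table is taken from the PRIDE specification, the function names are hypothetical, and the four (k0, ∆Y19) pairs are the ones listed above.

```c
#include <stdint.h>
#include <stdio.h>

/* PRIDE 4-bit S-box, taken from the PRIDE specification (it is an involution). */
static const uint8_t SBOX[16] = {
    0x0, 0x4, 0x8, 0xf, 0x1, 0x5, 0xe, 0x9,
    0x2, 0x7, 0xa, 0xc, 0xb, 0xd, 0x6, 0x3
};

/* The four remaining k0 candidates and the dY19 each one implies (values from the slide). */
struct candidate { uint64_t k0, dy19; };
static const struct candidate CANDIDATES[4] = {
    { 0xf3f721cb0c882658ULL, 0xc000009022000000ULL },
    { 0xf3f721cb0c982658ULL, 0xe000009022220000ULL },
    { 0xf3f721cb1c882658ULL, 0xc00000b000000000ULL },
    { 0xf3f721cb1c982658ULL, 0xe00000b000220000ULL },
};

/* DDT entry: number of inputs x with S(x) ^ S(x ^ din) == dout (din, dout < 16). */
static int ddt(unsigned din, unsigned dout)
{
    int n = 0;
    for (unsigned x = 0; x < 16; x++)
        if ((unsigned)(SBOX[x] ^ SBOX[x ^ din]) == dout)
            n++;
    return n;
}

/* Differential uniformity: largest DDT entry over all non-zero input differences. */
static int differential_uniformity(void)
{
    int best = 0;
    for (unsigned din = 1; din < 16; din++)
        for (unsigned dout = 0; dout < 16; dout++)
            if (ddt(din, dout) > best)
                best = ddt(din, dout);
    return best;
}

/* Output differences reachable from a set of input differences.
 * Both sets are 16-bit masks: bit d set means difference d is in the set. */
static unsigned reachable_outputs(unsigned din_mask)
{
    unsigned out = 0;
    for (unsigned din = 0; din < 16; din++) {
        if (!((din_mask >> din) & 1u))
            continue;
        for (unsigned dout = 0; dout < 16; dout++)
            if (ddt(din, dout) > 0)
                out |= 1u << dout;
    }
    return out;
}

/* Number of S-box inputs that satisfy two differentials at the same time. */
static int common_inputs(unsigned d1, unsigned o1, unsigned d2, unsigned o2)
{
    int n = 0;
    for (unsigned x = 0; x < 16; x++)
        if ((unsigned)(SBOX[x] ^ SBOX[x ^ d1]) == o1 &&
            (unsigned)(SBOX[x] ^ SBOX[x ^ d2]) == o2)
            n++;
    return n;
}

/* 1 if every nibble of dy is an output difference reachable from din_mask. */
static int plausible(uint64_t dy, unsigned din_mask)
{
    unsigned ok = reachable_outputs(din_mask);
    for (int i = 0; i < 16; i++)
        if (!((ok >> ((dy >> (4 * i)) & 0xf)) & 1u))
            return 0;
    return 1;
}

/* The k0 left after filtering with dX19 nibbles in {0,1,2,3}; 0 if not unique. */
static uint64_t surviving_k0(void)
{
    uint64_t k0 = 0;
    int kept = 0;
    for (int i = 0; i < 4; i++)
        if (plausible(CANDIDATES[i].dy19, 0x000F)) {
            k0 = CANDIDATES[i].k0;
            kept++;
        }
    return kept == 1 ? k0 : 0;
}

int main(void)
{
    printf("differential uniformity: %d\n", differential_uniformity());
    printf("outputs reachable from {1,2,3}: 0x%04x\n", reachable_outputs(0x000E));
    printf("inputs satisfying 1->4 and 2->8: %d\n", common_inputs(1, 4, 2, 8));
    printf("surviving k0: %016llx\n", (unsigned long long)surviving_k0());
    return 0;
}
```
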


slide-51
SLIDE 51

Practical implementation of the DFA on PRIDE

Exploitation of obtained faults

13 of 19

The obtained faults on the 18-th round

| No. | Faulty ciphertext | Value of the fault on W18 | Value of ∆Y19 | Value of ∆X19 |
|---|---|---|---|---|
| 13 | 0xf24690de8df8cc89 | 0x0000000082000000 | 0xc00000b000000000 | 0xθ00000θ000000000 |
| 14 | 0x2df93aebf5935009 | 0x0000000041c0d0d0 | 0x7807000bd8050000 | 0x1θ01000θθθ010000 |
| 15 | 0xa9a4a34f84604dde | 0x0000000003010707 | 0x000004cd0000065c | 0x000001θθ0000011θ |
| 16 | 0x52c367c49a9b8786 | 0x0000000000b55858 | 0x05077000b6d84808 | 0x01011000θ1θθ1θ0θ |
| 17 | 0x00632c247f18e99e | 0x0000000058580000 | 0x0e0bb0000d0ef000 | 0x0θ0θθ0000θ0θθ000 |
| 18 | 0xecbc98d50864ad3a | 0x00000000a7a70000 | 0xc0f008bbb0d00888 | 0xθ0θ00θθθθ0θ00θθθ |
| 19 | 0x43b733ec34c1ec11 | 0x0093000000000000 | 0x00000000300a0022 | 0x00000000δ00β00δδ |
| 20 | 0xcabdf870ee423736 | 0x75e5575700000000 | 0x0c8c0b123baf049e | 0x0γ8γ0c4δδcβ40cγc |
| 21 | 0x46eb59132610ef55 | 0x01e0c60100000000 | 0x6f0001133aa00006 | 0x4400044δδββ00004 |
| 22 | 0x9d13b57cf2211618 | 0x13974cd400000000 | 0x0f036133290c0422 | 0x040δ44δδδγ0γ0cδδ |
| 23 | 0x1247352b2400c0ed | 0x0000006700000000 | 0x0000000009900c96 | 0x000000000γγ00γγ4 |
| 24 | 0x770a084c5528c599 | 0x6363000000000000 | 0x0a8000330aa00022 | 0x0β8000δδ0ββ000δδ |
| 25 | 0xc80ca16eb67b9711 | 0x3600a90000000000 | 0x6043623a00000000 | 0x40cδ4δδβ00000000 |

We first retrieved each nibble Nib_i of L^-1(S(P^-1(C) ⊕ k0) ⊕ P^-1(f20(k1))).


slide-52
SLIDE 52

Practical implementation of the DFA on PRIDE

Exploitation of obtained faults

14 of 19

Exploitation of the faults to retrieve L^-1(S(P^-1(C) ⊕ k0) ⊕ P^-1(f20(k1)))

No. Nib0 Nib1 Nib2 Nib3 Nib4 Nib5 Nib6 Nib7 Nib8 Nib9 Nib10 Nib11 Nib12 Nib13 Nib14 Nib15

16: ∅ 0x2 ∅ 0x8 0x8 ∅ ∅ ∅ 0x4 0x5 0xa 0x6 0x0 0x1 0x0 0x0 0x1 ∅ 0x0 0x1 0x3 0x9 0x9 0x6 0x7 0xb 0x7 0x2 0x3 0x1 0x2 0x3 0x2 0x3 0x6 0xe 0xe 0xc 0xd 0xc 0xa 0x8 0x9 0x4 0x8 0x9 0x8 0x9 0x7 0xf 0xf 0xe 0xf 0xd 0xb 0xa 0xb 0x5 0xa 0xb 0xa 0xb

17: ∅ 0x2 ∅ 0x4 0x5 0x4 0x5 ∅ ∅ ∅ ∅ 0x6 ∅ 0x2 0x0 ∅ ∅ ∅ 0x3 0x6 0x7 0x6 0x7 0x7 0x3 0x1 0xa 0xc 0xd 0xc 0xd 0xa 0xa 0xe 0xb 0xe 0xf 0xe 0xf 0xb 0xb 0xf

18: 0x4 ∅ 0x0 ∅ ∅ 0x0 0x1 0x4 0x5 0x4 0x5 0x4 0x5 ∅ 0x6 ∅ ∅ 0x0 0x1 0x0 0x1 0x0 0x1 0x5 0x1 0x2 0x3 0x6 0x7 0x6 0x7 0x6 0x7 0x7 0x2 0x3 0x2 0x3 0x2 0x3 0x8 0xe 0x8 0x9 0xc 0xd 0xc 0xd 0xc 0xd 0xa 0x8 0x9 0x8 0x9 0x8 0x9 0x9 0xf 0xa 0xb 0xe 0xf 0xe 0xf 0xe 0xf 0xb 0xa 0xb 0xa 0xb 0xa 0xb

20: ∅ ∅ 0x0 0x1 0x1 ∅ 0x3 0x5 0x3 0x0 0x2 0x2 0x3 0x2 0x6 0x6 0x6 0x0 0x1 0x5 0x4 0x0 0x7 0x3 0xa 0x4 0x6 0xa 0xd 0xa 0xb 0x4 0x7 0x7 0xb 0x9 0xc 0xe 0xb 0x8 0xf 0xe 0xf 0x5 0x8 0xc 0xb 0xd 0xa 0xf 0xd

22: ∅ ∅ 0x1 0x1 0x1 0x0 ∅ ∅ 0x0 0x0 0x2 0x8 0x0 0x2 0x2 0x2 0x2 0x3 0x2 0x2 0x3 0x4 0x9 0x1 0x4 0x4 0x5 0x4 0x6 0xa 0x5 0x5 0xc 0x7 0xe 0x4 0x7 0x7 0x7 0xb 0xa 0xe 0x7 0x7 0xc 0xf 0x5 0xc 0xc 0x8 0xd 0xf 0x8 0x8 0xf 0xf 0xf 0xa 0xa 0xa

23: ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ 0x2 0x2 ∅ ∅ 0x3 0x2 0x8 0x4 0x4 0x6 0x4 0x9 0xb 0xb 0xa 0xb 0xe 0xd 0xd 0xf 0xd 0xf

25: ∅ 0x1 0x0 0x1 0x1 ∅ ∅ ∅ ∅ ∅ ∅ ∅ ∅ 0x8 0x2 0x8 0x2 0x2 0x3 0x9 0xa 0x4 0x9 0x5 0x4 0x7 0xe 0xe 0x7 0xe 0x7 0x7 0x9 0xf 0xc 0xf 0x8 0xc 0xb 0xf 0xa 0xf 0xd

∩: 0x8 0x3 0xe 0xf 0xe 0x0 0x4 0x7 0x7 0xb 0xb 0x3 0x0 0xa 0x2 0x8 0x9 0xf 0x1


slide-53
SLIDE 53

Practical implementation of the DFA on PRIDE

Exploitation of obtained faults

15 of 19

Calculating the value of k

By intersecting the sets for each nibble, we got 8 candidates for L^-1(S(P^-1(C) ⊕ k0) ⊕ P^-1(f20(k1))).

Then, we calculated the 8 possible values of S(P^-1(C) ⊕ k0) ⊕ P^-1(f20(k1)), and from S(P^-1(C) ⊕ k0) = 0x128bb20f824eda39, we deduced 8 candidates for P^-1(f20(k1)).

Finally we got 8 values for f20(k1) and so for k1. We eventually obtained, by testing all possible k1, the secret key k = 0xf3f721cb1c882658e417d148e239ca5d from a small number of faults.


slide-57
SLIDE 57

Countermeasures


slide-58
SLIDE 58

Countermeasures

Duplication of computations

16 of 19

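Description

[Flowchart: starting from W17, enc. is run twice, giving O20 and O′20. Test "O20 = O′20 ?": if True, O′20 is output. If False, enc. is run a third time from W17, giving O′′20, and the test "O′′20 = O′20 ?" selects the output: O′′20 if True, O20 if False.]

Cost per duplication

  • 2 matrix layers
  • 3 substitution layers
  • 3 subkey updates
  • 3 subkey additions

Total: < 15% of PRIDE enc./dec.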
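The duplication scheme, as read from the flowchart above, modelled in C with simulated faults. This is an added example, not the authors' implementation: `tail_rounds` is a hypothetical stand-in for the W17 to O20 computation (it is not PRIDE), the sample values are constructed, and `tail_vote_strict` is a stricter variant that is not on the slide.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample state and round keys (not values from the presentation). */
static const uint64_t W17_SAMPLE = 0x0123456789abcdefULL;
static const uint64_t RK_SAMPLE[3] = {
    0x1111111111111111ULL, 0x2222222222222222ULL, 0x3333333333333333ULL
};

/* Stand-in for the rounds computed from W17 to O20. NOT PRIDE: three rounds of
 * key addition and an invertible mixing step, enough to propagate a fault.
 * `fault` is XORed into the state of this run (0 means a clean run). */
static uint64_t tail_rounds(uint64_t w17, const uint64_t rk[3], uint64_t fault)
{
    uint64_t s = w17;
    for (int r = 0; r < 3; r++) {
        s ^= rk[r];
        s *= 0x9E3779B97F4A7C15ULL;   /* odd multiplier: a bijection mod 2^64 */
        s ^= s >> 29;
        if (r == 1)
            s ^= fault;               /* simulated glitch in the middle round */
        s = (s << 13) | (s >> 51);
    }
    return s;
}

struct tail_result {
    uint64_t out;      /* value released to the caller */
    int      runs;     /* how many times the tail was computed */
    int      released; /* 0 when the strict variant refuses to output */
};

/* Flowchart as read from the slide: output O' if O == O'; otherwise compute O''
 * and output O'' if O'' == O', else O. Correct when at most one run is faulted.
 * On a real target the redundant runs must not be merged by the compiler. */
static struct tail_result tail_vote(uint64_t w17, const uint64_t rk[3],
                                    uint64_t f0, uint64_t f1, uint64_t f2)
{
    struct tail_result r = { 0, 2, 1 };
    uint64_t o  = tail_rounds(w17, rk, f0);
    uint64_t o1 = tail_rounds(w17, rk, f1);
    if (o == o1) {
        r.out = o1;
        return r;
    }
    uint64_t o2 = tail_rounds(w17, rk, f2);
    r.runs = 3;
    r.out = (o2 == o1) ? o2 : o;
    return r;
}

/* Stricter variant (not on the slide): a value is released only if two runs
 * agree on it; otherwise nothing is released. */
static struct tail_result tail_vote_strict(uint64_t w17, const uint64_t rk[3],
                                           uint64_t f0, uint64_t f1, uint64_t f2)
{
    struct tail_result r = { 0, 2, 1 };
    uint64_t o  = tail_rounds(w17, rk, f0);
    uint64_t o1 = tail_rounds(w17, rk, f1);
    if (o == o1) {
        r.out = o;
        return r;
    }
    uint64_t o2 = tail_rounds(w17, rk, f2);
    r.runs = 3;
    if (o2 == o1 || o2 == o) {
        r.out = o2;
    } else {
        r.out = 0;
        r.released = 0;
    }
    return r;
}

int main(void)
{
    uint64_t ref = tail_rounds(W17_SAMPLE, RK_SAMPLE, 0);
    struct tail_result a = tail_vote(W17_SAMPLE, RK_SAMPLE, 0x80, 0, 0);
    struct tail_result b = tail_vote(W17_SAMPLE, RK_SAMPLE, 0x80, 0x4000, 0);
    struct tail_result c = tail_vote_strict(W17_SAMPLE, RK_SAMPLE, 0x80, 0x4000, 0);
    printf("reference            : %016llx\n", (unsigned long long)ref);
    printf("one faulted run      : %016llx (%d runs)\n", (unsigned long long)a.out, a.runs);
    printf("two faulted runs     : %016llx (%d runs)\n", (unsigned long long)b.out, b.runs);
    printf("two faulted, strict  : released=%d\n", c.released);
    return 0;
}
```
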


slide-64
SLIDE 64

Countermeasures

Desynchronization

17 of 19

Description

[Flowchart: PRNG (Init, Out); Plaintext → enc. → Wait(Out) → enc. → Wait(Out) → enc. → W17 → enc. → Ciphertext.]

Cost

  • Generation of the PRNG’s output
  • Access to the PRNG’s output
  • Duration of the ‘random delay’


slide-69
SLIDE 69

Countermeasures

Masking

18 of 19

Description

[Flowchart: PRNG (Init, Out); Plaintext → enc. → I10 ⊕ Out → enc. → Ciphertext, Out.]

Cost

  • Generation of the PRNG’s output
  • Access to the PRNG’s output


slide-73
SLIDE 73

Conclusion and perspectives


slide-74
SLIDE 74

Conclusion and perspectives

19 of 19

Conclusion

  • First DFA on PRIDE, with only 4 faults needed to retrieve the full secret key.
  • Practical implementation from 32-bit random faults obtained with electromagnetic injection, which is a low-cost means of injection.
  • Resistance against DFA is important for a cipher like PRIDE, which will be dedicated to low-end devices thanks to its lightness.
  • Some countermeasures which leave the cipher still efficient for IoT devices.

Perspectives

  • Optimize countermeasures to make them less costly and keep the light side of PRIDE: be careful that the protections do not open doors to further attacks.
  • Apply our attack to SPN-based block ciphers with a linear layer similar to the one used in PRIDE, like the LS-Designs family: will be studied in a future work.

slide-80
SLIDE 80

THANKS FOR YOUR ATTENTION

Commissariat à l’énergie atomique et aux énergies alternatives Benjamin Lac DRT/CEATech/DPACA/LSAS Public Industrial and Commercial Establishment RCS Paris B 775 685 019